T0105 - Active scanning
This technique involves actively scanning an organization's cloud infrastructure for vulnerabilities and misconfigurations that can be exploited by attackers to gain unauthorized access or cause system disruption.
An attacker can use this technique to identify vulnerable assets within an organization's cloud infrastructure and develop an understanding of the target's attack surface.
By conducting active scanning, an attacker can gather information about an organization's network topology, application architecture, and security controls, and use this information to plan and execute more effective attacks.
An attacker can use this technique to identify vulnerable assets within an organization's cloud infrastructure and develop an understanding of the target's attack surface.
By conducting active scanning, an attacker can gather information about an organization's network topology, application architecture, and security controls, and use this information to plan and execute more effective attacks.
ID: T0105
Type:
Technique
Tactic:
Reconnaissance
Summary:
Active scanning
State:
draft
Mitigations
id
type
summary
description
M1450
Mitigation
Implement zero trust
Implementing a zero-trust security model can help organizations mitigate the risk of data exfiltration by ensuring that all traffic leaving the network is authenticated, authorized, and encrypted.
This model involves a layered approach to security that requires users and devices to be verified before accessing any resources.
M1451
Mitigation
Use network segmentation
Network segmentation is a technique that involves dividing a network into smaller segments or subnets to limit the spread of an attack if it occurs.
By segmenting the network and restricting communication between segments, organizations can minimize the impact of data exfiltration.
M1550
Mitigation
Implement strict access control for clouds
Limit access to cloud resources to only authorized users and ensure that proper authentication and authorization mechanisms are in place.
M1720
Mitigation
Implement regular patches and updates
Regular patches and updates are necessary to improve the security, performance, and reliability of software and systems.
They include bug fixes, security updates, and performance improvements.
Regular patches and updates also ensure compatibility with new technologies and can help maintain compliance with regulatory standards.
Failure to install patches and updates can leave systems vulnerable to security threats, cause system failures or crashes, and limit the functionality of software and systems.
Detections
id
type
summary
description
D1261
Detection
Implement penetration testing
Penetration testing, also known as ethical hacking or vulnerability assessment, is a proactive approach to mitigating cybersecurity risks.
It involves simulating real-world cyber attacks on a system, network, or application in a controlled and authorized manner to identify vulnerabilities and weaknesses that could be exploited by malicious actors.
D1262
Detection
Implement vulnerability assesment
Vulnerability assessment is a proactive approach to mitigating cybersecurity risks by systematically identifying, evaluating, and prioritizing vulnerabilities in a system, network, or application.
It involves conducting regular assessments to identify potential weaknesses that could be exploited by attackers, and taking appropriate actions to remediate or mitigate those vulnerabilities.
D1510
Detection
Implement Intrusion Detection System and anti-malware
An intrusion detection system (IDS) is a security tool designed to detect and alert on unauthorized access to a computer system or network.
Implementing intrusion detection systems (IDS) and anti-malware software can help to identify and block malicious activity.
IDS is a critical security tool that helps organizations to detect and respond to security incidents in a timely manner.
By providing real-time monitoring and analysis of network traffic, IDS can help organizations to stay ahead of potential threats and reduce the risk of a security breach.